
Cyber-criminals Disseminating Critroni, a New Ransomware

According to security researchers, Critroni, a new ransomware, can be bought on underground crime websites; its sellers claim the malware is a new edition or generation of CryptoLocker, the notorious ransomware that has been known for some time, as softpedia.com reported on July 19, 2014.

Buyers must pay a hefty $3,000 for Critroni, and according to researchers, various kinds of attackers are currently using it; some of them employ the Angler exploit kit to plant a spambot on end users' computers.

This spambot matters because it pulls down Critroni among other payloads. If Critroni manages to land on a user's computer, it encrypts documents and photos and then displays a dialog box announcing the infection and directing the victim to pay a ransom in Bitcoins so that the files can be decrypted.

Kafeine, a security researcher from France who studied the threat, explains that the ransom must be paid within 72 hours, while victims who do not have any Bitcoins are given instructions on how to obtain them in various countries.

Critroni is unique in that its C&C server relies on Tor, something seen in other malware types during the past few months; however, no crypto ransomware had exhibited this feature before.

According to Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Labs, the new Critroni uses a C2 concealed inside Tor. No cryptomalware had previously been observed with its C2 inside the Tor network; that was solely the case with banking Trojans, Sinitsyn says. Infosecurity-magazine.com published this on July 20, 2014.

Sinitsyn continues that the executable code which sets up the Tor connection is embedded in Critroni itself. Previously, malware of this kind established that connection through a separate Tor.exe file. Embedding Tor functionality in cryptomalware is harder from a programming standpoint, but it brings certain benefits, such as helping the malware evade detection while being more efficient overall, the analyst points out.

Kafeine notes that Critroni has appeared many times. At first it plagued Russian-speaking users, but lately it has also been targeting English-speaking users, so it is appearing in more regions. Infosecurity-magazine.com published this.